Lavina Jahorina

lavina-jahorina.com

What Should You Ask Your HIPAA Hosting Provider?

Toby Lambert, April 25, 2023

With the litany of HIPAA breaches caused by business associates/IT vendors in the news lately, covered entities need to be more proactive when it comes to vetting their HIPAA hosting provider.

Protecting confidential patient health information and preventing a HIPAA violation should be the top IT goal of all healthcare organizations, individual providers and software vendors. But hosting your critical data and applications with a provider requires trust and confidence in their ability to meet HIPAA compliance requirements.

What questions should you, as a covered entity, ask your HIPAA hosting provider?

Have you been independently audited by a Certified HIPAA Practitioner (CHP) and Certified HIPAA Security Specialist (CHSS)? To verify your data center operator and hosting solutions are truly HIPAA compliant, they need to be 100% compliant across all 54 HIPAA citations and 136 audited components. Although covered entities need to assess their own policies and procedures to become HIPAA compliant, partnering with a HIPAA compliant IT vendor will greatly improve your chances of passing a HIPAA audit.

What particular IT services meet HIPAA compliant security standards for protecting PHI? Your HIPAA hosting provider should be able to answer this question with specific answers that detail recommended IT services – a private firewall, either virtual or dedicated, with VPN for remote access; data encryption following NIST standards; separate database and web servers for production, etc.

Do you have documented policies and procedures? Make sure you know your hosting provider’s policies when it comes to a data breach – they are required by law as a BA (Business Associate) to notify covered entities in a timely manner, and covered entities are required to notify affected individuals within 10 days. Not following these deadlines and procedures can result in costly lawsuits.

Are your employees trained? The recent military healthcare contractor HIPAA violation was attributed to an employee transporting PHI off of government property and leaving backup tapes unattended in the trunk of a car. The recent lawsuit states that their employees were either not properly trained or completely untrained in HIPAA compliant security procedures. HIPAA requires all employees to be trained in the proper security practices, including policies, physical security, logical security, risk response and reporting, passwords/workstation use, data protection and more.

Do you have a thorough BAA (Business Associates Agreement) with documented and communicated policies? Under HIPAA’s standards for penalties, the lack of a BAA implies negligence, which may fall under Willful Neglect – fines ranging from $10,000 to $50,000 for each incident and potential criminal charges. A BAA can also be valuable to define how the data is handled after service termination; a sample BAA from HHS.gov includes a provision requiring the BA to return or destroy all PHI received from the covered entity, emphasizing that the BA shouldn’t keep any copies of the PHI. If you don’t sign a well-thought-out BAA with your hosting provider, they can potentially keep your data on file long after you leave them.
